Annual Report 2020

Limits of Authority The Group documented its Limits of Authority (“LOA”) clearly defining the level of authority and responsibility in making operational and commercial business decisions. Approving authorities cover various levels of Management and the Board. The LOA is reviewed regularly and any amendments made must be tabled to and approved by the Board. The latest AAGB LOA was approved by the Board on 28 August 2019. Insurance The Group maintains adequate insurance and physical safeguards on assets to ensure these are sufficiently covered against any incident that could result in material losses. Specifically, the Group maintains the Group Aviation Insurance which provides coverage for the following: • Aviation Hull and Spares All Risks and Liability • Aviation Hull and Spares War and Allied Perils (Primary and Excess) • Aircraft Hull and Spares Deductible • Aviation War, Hijacking and other Perils Excess Liability (Excess AVN52) Information Security Information Security protects information (data), the systems it is housed in and the users of these systems from a wide range of threats, as well as safeguards the confidentiality, integrity and availability of information. Information security in the Group is achieved through a set of controls which includes policies, standards, procedures, guidelines, organisation structures and software control functions. The Group acknowledges the importance of leveraging Information Technology (“IT”) to promote effectiveness and efficiency of business operations. Heavy reliance on IT exposes us to emerging cyber security threats, hence Group Information Security Management is in place to manage cyber security risk. The Information Security Management programme includes: • Evaluations of the adequacy of controls for new infrastructures and information systems • Evaluations of emerging security technologies • Adequacy of information asset protection within the Group • Assurance of the adequacy of security controls by coordinating security reviews such as penetration testing and vulnerability assessment Code of Conduct AAGB has a Code of Conduct (“the Code”) which governs the conduct of its employees, officers and directors. The Code sets out the standards and ethics that they are expected to adhere to. It highlights AAGB’s expectations on their professional conduct which includes: • The environment inside and outside of workplace • The working culture • Conflict of interest • Confidentiality and disclosure of information • Good practices and controls • Duty and declaration The Code also sets out the circumstances in which an employee, officer and director would be deemed to have breached the Code after due inquiry and disciplinary actions that can be taken against them if proven guilty. 157 ANNUAL REPORT 2020